Individual authentication apparatus, individual authentication method, and computer program

ABSTRACT

An authentication processing apparatus for performing authentication based on a user's normal operation is provided. The authentication processing apparatus performs the authentication processing on the basis of operation information obtained from normally operating an information processing apparatus. Operation information obtained from operating an input unit by the user, such as a keyboard inputting mode, is obtained to serve as operation information, and the obtained operation information is checked against operation information registered in a database to perform authentication. Authentication is thus made possible without requiring the user to perform the special input processing for the authentication processing. Authentication is performed taking into consideration a plurality of pieces of operation information. With the checking processing in which less dispersed data is weighted, user authentication with high accuracy is made possible.

TECHNICAL FIELD

[0001] The present invention relates to individual authentication processing apparatuses and individual authentication processing methods, and more particularly to an individual authentication processing apparatus and individual authentication processing method for performing authentication based on an individual's operation characteristics included in normal keyboard operations by the individual for which authentication is performed and to a computer program.

BACKGROUND ART

[0002] One typical known individual authentication processing system performs authentication based on a key such as a password. FIG. 1 shows a processing sequence of a known authentication system for performing authentication by receiving a password at the time the processing on an information processing apparatus (for example, a PC) starts.

[0003] FIG. 1 shows time course in the abscissa axis and illustrates the processing performed in accordance with the flow of time. An authentication unit 101 performs the authentication processing. The authentication unit 101 is provided in the interior of an information processing apparatus used by unspecified users, such as a PC serving as a user terminal or an information terminal or financial terminal located in a public place, or a server connected with a network over which user input information can be transferred.

[0004] The authentication unit 101 stores a password corresponding to a pre-registered user in a storage unit and checks a password input from a user against the password stored in the storage unit. When the checking processing determines that the password input from the user agrees with the password stored in the storage unit, it is determined that the authentication is successful. If the two passwords disagree with each other, it is determined that the authentication is unsuccessful.

[0005] Only when the authentication is successful, the processing based on a user operation performed subsequent to the authentication is performed. The user operation is diverse, ranging from, for example, obtaining data from storage means in a PC having the authentication unit, updating data, drawing money from the financial terminal, and downloading data from the server through the network.

[0006] The processing sequence shown in FIG. 1 is such that, when the authentication is successful on the basis of the password input once, a series of subsequent processes is unconditionally performed. For example, a user of a PC is authenticated using a password prior to operating the PC, as shown in FIG. 1. The user who has been authenticated leaves the PC. When a different user operates the PC, the processing based on the operation is performed. As discussed above, the configuration dependent solely on authentication executed as the so-called log-in processing is disadvantageous in that, when an operation is subsequently performed by a different user, the operation cannot be distinguished from the processing by the authenticated user.

[0007] In order to remove such disadvantages, for example, there is a processing sequence shown in FIG. 2. Similar to FIG. 1, FIG. 2 shows time course in the abscissa axis and illustrates the processing performed in accordance with the flow of time. An authentication unit 201 performs the authentication processing. Similar to FIG. 1, the authentication unit 201 is provided in the interior of an information processing apparatus used by unspecified users, such as a PC serving as a user terminal or an information terminal or financial terminal located in a public space, or a server connected with a network over which user input information can be transferred.

[0008] The processing sequence shown in FIG. 2 performs the authentication processing every time the user operation is performed. When the authentication is successful once, only one operation immediately after the authentication is permitted. As discussed above, the authentication processing and operation permission are repetitively performed every time an operation is performed. Accordingly, unauthorized use by a different user, which is described with reference to FIG. 1, can be eliminated. However, the processing sequence of FIG. 2 requires the user to input a key such as a password every time the user performs an operation. As a result, the operation becomes complicated, and the processing efficiency is reduced.

DISCLOSURE OF INVENTION

[0009] In view of the foregoing problems, the present invention provides the configuration for obtaining personal characteristics from operations performed by a user and sequentially performing the authentication processing based on the obtained personal characteristics.

[0010] It is an object of the configuration of the present invention to solve the problems of the log-in authentication described using FIG. 1, that is, the problem in that an operation by a different user cannot be distinguished subsequent to authentication, and to provide an individual authentication processing apparatus, an individual authentication processing method, and a computer program for eliminating the necessity to input a key such as a password every time an operation is performed, which is described using FIG. 2.

[0011] A first aspect of the present invention is an individual authentication processing apparatus for performing individual authentication. The individual authentication processing apparatus obtains normal operation information from normally operating, by a user, input means of an information processing apparatus; extracts an individual's operation characteristic information from the normal operation information; checks the individual's extracted operation characteristic information against a registered user's operation characteristic information stored in storage means; generates, on the basis of a result of the checking processing, permission information for determining whether or not to permit the processing in accordance with user operation of the input means to be performed on the information processing apparatus; and outputs the generated permission information to the information processing apparatus.

[0012] According to an embodiment of the individual authentication processing apparatus of the present invention, when generating the permission information, the individual authentication processing apparatus refers to past checking log data stored in a checking result memory that stores past checking results, generates the permission information based on the checking log data, and outputs the permission information to the information processing apparatus.

[0013] According to the embodiment of the individual authentication processing apparatus of the present invention, the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means. The operation characteristic information is information including DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key. The checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being between input vectors DD, UD, and DU formed of the DDn, UDn, and DUn and mean vectors [DD], [UD], and [DU] of the registered user's operation characteristic information stored in the storage means.

[0014] According to the embodiment of the individual authentication processing apparatus of the present invention, the distance value d is computed on the basis of the equation d = |DD − [DD]| + k|UD − [UD]| + l|DU − [DU]| where k and l are coefficients.

[0015] According to the embodiment of the individual authentication processing apparatus of the present invention, the storage means stores integrated pieces of operation characteristic information data concerning the same operation by the registered user. The checking processing of the operation characteristic information extracted from the normal operation information is performed by weighting less dispersed data of the integrated pieces of characteristic information data concerning the same operation by the registered user, which are stored in the storage means, more heavily than widely dispersed data.

[0016] According to the embodiment of the individual authentication processing apparatus of the present invention, the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means. The operation characteristic information is information including DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key. The checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being computed on the basis of the equation d = |(DD − [DD])/σDD| + k|(UD − [UD])/σUD| + l|(DU − [DU])/σDU| where DD, UD, and DU are input vectors formed of the DDn, UDn, and DUn, [DD], [UD], and [DU] are mean vectors of the registered user's operation characteristic information stored in the storage means, σDD, σUD, and σDU are standard deviation vectors obtained on the basis of the registered user's operation characteristic information stored in the storage means, and k and l are coefficients.
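
The checking described in [0013] to [0016], as an added example that is not part of the patent text: it extracts DD, UD, and DU from key press/release timestamps, builds the registered user's mean and standard deviation vectors, and computes the distance value d both without and with the σ weighting. The function names, the sample timings, the threshold, the σ floor, and the reading of |·| as a sum of absolute component differences are assumptions.

```python
from statistics import mean, pstdev

# Assumption: floor (ms) on each standard deviation so that a feature the
# registered user typed with zero dispersion does not cause a division by zero.
SIGMA_FLOOR_MS = 1.0


def extract(events):
    """events: [(key, press_ms, release_ms), ...] in typing order.
    Returns (DD, UD, DU) with the meanings given in [0013]."""
    dd = [nxt[1] - prev[1] for prev, nxt in zip(events, events[1:])]  # press -> next press
    ud = [release - press for _key, press, release in events]          # press -> release
    du = [nxt[1] - prev[2] for prev, nxt in zip(events, events[1:])]  # release -> next press
    return dd, ud, du


def build_template(enrolment):
    """Integrate several inputs of the same keyword by the registered user into
    [(mean_vec, sigma_vec) for DD, UD, DU]."""
    if len({tuple(k for k, _p, _r in e) for e in enrolment}) != 1:
        raise ValueError("enrolment samples must be the same key sequence")
    template = []
    for feature in zip(*(extract(e) for e in enrolment)):  # DD, then UD, then DU
        columns = list(zip(*feature))
        template.append(([mean(c) for c in columns], [pstdev(c) for c in columns]))
    return template


def _term(x, mean_vec, sigma_vec, weighted):
    """One |x - [x]| term; with weighting each component is divided by its sigma."""
    if len(x) != len(mean_vec):
        raise ValueError("attempt length does not match registered template")
    total = 0.0
    for xi, mi, si in zip(x, mean_vec, sigma_vec):
        scale = max(si, SIGMA_FLOOR_MS) if weighted else 1.0
        total += abs(xi - mi) / scale
    return total


def distance(template, events, k=1.0, l=1.0, weighted=True):
    """d = |DD-[DD]| + k|UD-[UD]| + l|DU-[DU]|, sigma-normalised when weighted."""
    dd, ud, du = extract(events)
    (m_dd, s_dd), (m_ud, s_ud), (m_du, s_du) = template
    return (_term(dd, m_dd, s_dd, weighted)
            + k * _term(ud, m_ud, s_ud, weighted)
            + l * _term(du, m_du, s_du, weighted))


def permit(template, events, threshold, **kwargs):
    """Permission information: True when d does not exceed the threshold."""
    return distance(template, events, **kwargs) <= threshold


# Constructed sample data: the registered user types the keyword "log" three times.
ENROLMENT = [
    [("l", 0, 90), ("o", 198, 280), ("g", 350, 460)],
    [("l", 0, 100), ("o", 200, 290), ("g", 370, 470)],
    [("l", 0, 110), ("o", 202, 270), ("g", 330, 450)],
]
# Constructed attempts: the first varies where the registered user also varies,
# the second varies by the same amount where the registered user is very stable.
GENUINE = [("l", 0, 100), ("o", 200, 280), ("g", 365, 475)]
OTHER_USER = [("l", 0, 100), ("o", 215, 295), ("g", 365, 475)]
TEMPLATE = build_template(ENROLMENT)
THRESHOLD = 5.0  # constructed value for the sigma-weighted distance

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("other user", OTHER_USER)):
        print(name,
              "unweighted d =", distance(TEMPLATE, attempt, weighted=False),
              "weighted d =", round(distance(TEMPLATE, attempt), 2),
              "permit =", permit(TEMPLATE, attempt, THRESHOLD))
```

In the constructed data both attempts have the same unweighted distance from the template; only the σ-weighted distance separates them, because the second attempt deviates on the features the registered user types most consistently.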

[0017] According to the embodiment of the individual authentication processing apparatus of the present invention, the individual authentication processing apparatus includes a keyword registration database that stores a word based on which the authentication processing is performed as a keyword. On condition that it is detected that the word registered in the keyword registration database is input from the input means, the checking processing is performed on the basis of normal operation information obtained from normally operating the input means by the user.

[0018] According to the embodiment of the individual authentication processing apparatus of the present invention, the normal operation information is information concerning an operation sequence of a mouse. The storage means stores the registered user's mouse operation sequence information as the operation characteristic information. The checking processing is performed by checking against the mouse operation sequence information.

[0019] According to the embodiment of the individual authentication processing apparatus of the present invention, the normal operation information is information concerning a processing sequence of a program executable by the information processing apparatus. The storage means stores the registered user's program processing sequence information as the operation characteristic information. The checking processing is performed by checking against the program processing sequence information.

[0020] According to the embodiment of the individual authentication processing apparatus of the present invention, the normal operation information is information on the frequency of inputting a specific key. The storage means stores the registered user's specific key inputting frequency information as the operation characteristic information. The checking processing is performed by checking against the specific key inputting frequency information.

[0021] According to the embodiment of the individual authentication processing apparatus of the present invention, the individual authentication processing apparatus includes an operation unit serving as the input means that outputs a code in accordance with the user operation; an extraction unit that extracts an individual's operation characteristic information from normal operation information obtained from normally operating the operation unit by a user; a checking unit that checks the individual's operation characteristic information extracted by the extraction unit against a registered user's operation characteristic information pre-registered in a storage medium; and an output unit that outputs permission information to the information processing apparatus in accordance with a checking result by the checking unit, the permission information permitting the processing in accordance with user operation of the input means to be performed on the information processing apparatus. The extraction unit generates the individual's operation characteristic information at least based on output time and output transition time, the output time being from output start time to output end time of the code output from the operation unit, and the output transition time being generated from the output end time of the output code and output start time of a code output subsequent to the code.

[0022] According to the embodiment of the individual authentication processing apparatus of the present invention, the extraction unit generates the individual's operation characteristic information on the basis of code interval time, which is a difference between the output start time of the code output from the operation unit and the output start time of the code output subsequent to the code.

[0023] According to the embodiment of the individual authentication processing apparatus of the present invention, the checking unit performs the checking processing by computing and comparing the registered user's output time and output transition time registered in the storage medium with the output time and the output transition time generated by the extraction unit.

[0024] According to the embodiment of the individual authentication processing apparatus of the present invention, the extraction unit weights and adds a difference between the registered user's output time registered in the storage medium and the output time generated by the extraction unit and a difference between the registered user's output transition time registered in the storage means and the output transition time generated by the extraction unit and compares the sum with a threshold.

[0025] According to the embodiment of the individual authentication processing apparatus of the present invention, the individual authentication processing apparatus includes an operation unit serving as the input means that outputs a code in accordance with the user operation; an extraction unit that extracts an individual's operation characteristic information based on output time from output start time to output end time of the code output from the operation unit; a storage medium that records the operation characteristic information every time the code is output from the operation unit; a rating unit that rates dispersion of the operation characteristic information recorded in the storage medium; a checking unit that compares the individual's operation characteristic information extracted by the extraction unit with a registered user's operation characteristic information pre-registered in the storage medium and performs the checking processing in accordance with the dispersion of the operation characteristic information rated by the rating unit; and an output unit that outputs permission information to the information processing apparatus in accordance with a checking result by the checking unit, the permission information permitting the processing in accordance with user operation of the input means to be performed on the information processing apparatus.

[0026] According to the embodiment of the individual authentication processing apparatus of the present invention, the rating unit rates the dispersion on the basis of standard deviation of a plurality of output times corresponding to the code.

[0027] According to the embodiment of the individual authentication processing apparatus of the present invention, the checking unit compares a rated value against a threshold, the rated value being obtained by dividing a difference between output time stored in the storage means and output time newly generated by the extraction unit by the standard deviation.

[0028] A second aspect of the present invention is an individual authentication processing method of performing individual authentication, including:

[0029] a step of obtaining normal operation information from normally operating, by a user, input means of an information processing apparatus;

[0030] a step of extracting an individual's operation characteristic information from the normal operation information and checking the individual's extracted operation characteristic information against a registered user's operation characteristic information stored in storage means; and

[0031] a step of generating, on the basis of a result of the checking processing, permission information for determining whether or not to permit the processing in accordance with user operation of the input means to be performed on the information processing apparatus and outputting the generated permission information to the information processing apparatus.

[0032] According to an embodiment of the individual authentication processing method of the present invention, when generating the permission information, the individual authentication processing method refers to past checking log data stored in a checking result memory that stores past checking results and generates the permission information on the basis of the checking log data.

[0033] According to the embodiment of the individual authentication processing method of the present invention, the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means. The operation characteristic information is information including DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key. The checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being between input vectors DD, UD, and DU formed of the DDn, UDn, and DUn and mean vectors [DD], [UD], and [DU] of the registered user's operation characteristic information stored in the storage means.

[0034] According to the embodiment of the individual authentication processing method of the present invention, the distance value d is computed on the basis of the equation d = |DD − [DD]| + k|UD − [UD]| + l|DU − [DU]| where k and l are coefficients.

[0035] According to the embodiment of the individual authentication processing method of the present invention, the storage means stores integrated pieces of operation characteristic information data concerning the same operation by the registered user. The checking processing of the operation characteristic information extracted from the normal operation information is performed by weighting less dispersed data of the integrated pieces of characteristic information data concerning the same operation by the registered user, which are stored in the storage means, more heavily than widely dispersed data.

[0036] According to the embodiment of the individual authentication processing method of the present invention, the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means. The operation characteristic information is information including DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key. The checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being computed on the basis of the equation d = |(DD − [DD])/σDD| + k|(UD − [UD])/σUD| + l|(DU − [DU])/σDU| where DD, UD, and DU are input vectors formed of the DDn, UDn, and DUn, [DD], [UD], and [DU] are mean vectors of the registered user's operation characteristic information stored in the storage means, σDD, σUD, and σDU are standard deviation vectors obtained on the basis of the registered user's operation characteristic information stored in the storage means, and k and l are coefficients.

[0037] According to the embodiment of the individual authentication processing method of the present invention, a keyword registration database is provided that stores a word based on which the authentication processing is performed as a keyword. On condition that it is detected that the word registered in the keyword registration database is input from the input means, the checking processing is performed on the basis of normal operation information obtained from normally operating the input means by the user.

[0038] According to the embodiment of the individual authentication processing method of the present invention, the normal operation information is information concerning an operation sequence of a mouse. The storage means stores the registered user's mouse operation sequence information as the operation characteristic information. The checking processing is performed by checking against the mouse operation sequence information.

[0039] According to the embodiment of the individual authentication processing method of the present invention, the normal operation information is information concerning a processing sequence of a program executable by the information processing method. The storage means stores the registered user's program processing sequence information as the operation characteristic information. The checking processing is performed by checking against the program processing sequence information.

[0040] According to the embodiment of the individual authentication processing method of the present invention, the normal operation information is information on the frequency of inputting a specific key. The storage means stores the registered user's specific key inputting frequency information as the operation characteristic information. The checking processing is performed by checking against the specific key inputting frequency information.

[0041] A third aspect of the present invention is a computer program for performing individual authentication, including:

[0042] a step of obtaining normal operation information from normally operating, by a user, input means of an information processing apparatus;

[0043] a step of extracting an individual's operation characteristic information from the normal operation information and checking the individual's extracted operation characteristic information against a registered user's operation characteristic information stored in storage means; and

[0044] a step of generating, on the basis of a result of the checking processing, permission information for determining whether or not to permit the processing in accordance with user operation of the input means to be performed on the information processing apparatus and outputting the generated permission information to the information processing apparatus.

[0045] The computer program of the present invention can be provided by, for example, a storage medium that provides the computer program to a general computer system capable of performing various pieces of program code in a computer-readable format, a communication medium, a recording medium such as a CD, FD, or MO, or a communication medium such as a network. By providing the program in the computer-readable format, the processing in accordance with the program is achieved on the computer system.

[0046] Further objects, features, and advantages of the present invention will become apparent from the following description of the preferred embodiments with reference to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0047] FIG. 1 is an illustration showing an example of a sequence of the known authentication processing and the user-operated input processing (example 1).

[0048] FIG. 2 is an illustration showing an example of a sequence of the known authentication processing and the user-operated input processing (example 2).

[0049] FIG. 3 is an illustration showing a sequence of the authentication processing and the user-operated input processing according to the present invention.

[0050] FIG. 4 is a diagram showing an example of the configuration of a system for performing the authentication processing according to the present invention.

[0051] FIG. 5 is a flowchart for describing the processing by an authentication processing apparatus according to the present invention.

[0052] FIG. 6 is a flowchart for describing the processing by an information processing apparatus permitted or prohibited by the authentication processing to perform the processing.

[0053] FIG. 7 is a diagram for describing operation information applicable to the authentication processing according to the present invention.

[0054] FIG. 8 includes diagrams for describing differences between individuals in the operation information applicable to the authentication processing according to the present invention.

[0055] FIG. 9 is a diagram for describing an example of distribution of dispersions and means of the operation information applicable to the authentication processing according to the present invention.

[0056] FIG. 10 is a diagram for describing the checking processing of input operation information in the authentication processing that takes into consideration standard deviation according to the present invention.

[0057] FIG. 11 is a diagram showing an example of the configuration of a system for performing the keyword-based authentication processing according to the present invention.

[0058] FIG. 12 is a flowchart showing the keyword-based processing by the authentication processing apparatus according to the present invention.

[0059] FIG. 13 is a diagram showing an example of the configuration of a system for performing the processing according to the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

[0060] With reference to the drawings, an individual authenticationprocessing apparatus and individual authentication processing method ofthe present invention will be described in detail.

[0061] Using FIG. 3, a processing sequence of an individualauthentication processing apparatus according to an embodiment of thepresent invention will now be described. Similar to FIGS. 1 and 2 whichhave been described in the above description, FIG. 3 shows time coursein the abscissa axis and illustrates the processing performed inaccordance with the flow of time. An authentication unit 301 performsthe authentication processing. The authentication unit 301 is providedin the interior of an information processing apparatus used byunspecified users, such as a PC serving as a user terminal or aninformation terminal or financial terminal located in a public place, ora server connected with a network over which user input information canbe transferred.

[0062] The authentication unit 301 stores operation characteristicinformation on personal characteristics of user operations correspondingto a pre-registered user in a storage unit (database), and the storedinformation serves as authentication information. Specific modes of theauthentication information are described in detail later. For example,various pieces of keyboard operation information include elapsed timedata indicating elapsed time from a previous key input to a subsequentkey input, time data indicating time during which a key is pressed, andtime data indicating time from releasing a previous key to pressing asubsequent key. These various pieces of keyboard operation informationare described in detail later.

[0063] The authentication unit 301 receives operation informationobtained from the actual operation to make a processing request to aninformation processing apparatus having the authentication unit andperforms authentication by checking the operation information againstthe authentication information stored in the storage unit (database),that is, the pre-obtained personal information based on the useroperation. Since authentication is performed on the basis of operationinformation extracted from the user's normal operation, authenticationis performed in accordance with the operation involved in making theuser's processing request without causing the user to be aware of theauthentication processing.

[0064] With this configuration, authentication is performed every time aspecific user performs a normal operation. This prevents the problemdescribed with reference to FIG. 1 in that an operation by a differentuser is falsely recognized as an operation by an authenticate user andis thus executed. Since the user only performs operations in accordancewith normal operations, such as making a processing request or inputtingdata, the user is not required to perform the special processing forauthentication, such as inputting a password every time the userperforms an operation, as described in FIG. 2. The processing becomesless complicated, and the processing efficiency is enhanced.

[0065]FIG. 4 is a block diagram of the configuration of an informationprocessing system having an individual authentication processingapparatus of the present invention. With an input unit 403, a user 410performs a desired operation, such as inputting data or making aprocessing request to an information processing apparatus 401. The inputunit 403 includes, for example, various input units such as a keyboardand a mouse. The. input unit operations include, for example, inputtinga word with the keyboard, issuing an application execution (activation)request, designating a file, deleting a file, and clicking on an icon.

[0066] Operation information obtained from operating the input unit 403by the user 410 is input to the information processing apparatus 401 forperforming the processing based on the operation information and to anauthentication processing apparatus 404 for performing the individualauthentication processing. The information processing apparatus 401receives permission information from the authentication processingapparatus 404, the permission information being based on the result ofsuccessful/unsuccessful authentication, which is obtained by theauthentication processing by the authentication processing apparatus404, and determines on the basis of the receipt of the permissioninformation whether or not to perform the processing in accordance withthe operation information input from the input unit 403. When thepermission information indicates that the authentication is successful,the processing is performed. The processing result is output to, forexample, an output unit 402. The output unit 402 is formed of displaymeans, such as a CRT or LCD, or audio output means, such as a speaker.

[0067] The authentication processing apparatus 404 receives the operation information from the input unit 403 and extracts an individual's operation characteristic information from the received operation information. The authentication processing apparatus 404 checks the individual's extracted operation characteristic information against authentication information serving as a registered user's operation characteristic information stored in an authentication information database (DB) 406. On the basis of a result of the authentication processing, the authentication processing apparatus 404 generates permission information for determining whether or not to permit the processing to be performed on the information processing apparatus 401 and outputs the permission information to the information processing apparatus 401. In the authentication information database (DB) 406, for example, various pieces of keyboard operation information serving as the registered user's authentication information are registered in conjunction with, for example, a user ID. On the basis of a user ID obtained from the input unit at the time the operation starts, the authentication processing apparatus 404 obtains the registered user's authentication information from the authentication information database (DB) 406. The authentication information database (DB) 406 stores integrated pieces of operation characteristic information data concerning the same operation by the registered user. The checking processing is performed while mean values, dispersion, and standard deviation of the stored data are taken into consideration. The specific mode of the checking processing is described later.

[0068] When the number of users for which authentication is performed is small, it is not essential to associate authentication information stored in the authentication information database (DB) 406 with the user ID. Operation information input by a user may be checked against all pieces of authentication information stored in the authentication information database (DB) 406.

[0069] FIG. 5 shows a processing flow of the authentication processing apparatus 404. In accordance with the processing flow of FIG. 5, the processing performed by the authentication processing apparatus 404 will now be described. In step S101, the authentication processing apparatus 404 receives operation information based on user operation from the input unit 403. In step S102, the authentication processing apparatus 404 checks the input operation information against data stored in the authentication information database (DB) 406. In step S103, the authentication processing apparatus 404 stores the checking result in an authentication result memory 405. The checking result is data indicating whether or not the input operation information agrees with the data in the authentication information database (DB) 406. In step S104, the authentication processing apparatus 404 obtains past checking results from the authentication result memory 405. The past checking results are, for example, authentication results of the checking performed on the basis of a past series of pieces of operation information obtained from a series of operations described using FIG. 3.

[0070] For example, when a series of pieces of authentication log data stored in the authentication result memory 405 indicates that authentication has been continuously successful multiple times, if the most recent checking result indicates that the checked pieces of information agree with each other, the authentication processing apparatus 404 determines that the authentication is successful and thus permits the processing. In contrast, when the results continuously indicate that the checked pieces of information disagree with each other multiple times, another user may have been repetitively trying to establish fraudulent access. It is thus determined that the authentication is unsuccessful, and the processing is thus prohibited. In this case, the number of times the checked pieces of information can continuously disagree with each other is preset by the authentication processing apparatus 404.

[0071] Instead of making reference to the authentication log data in the authentication result memory 405, authentication based on the checking processing of the operation information obtained from the input unit 403 against the data stored in the authentication information database (DB) 406 may be performed. In this case, steps S103 and S104 are skipped.

[0072] In step S105, the authentication processing apparatus 404 generates permission information based on at least one of the obtained authentication log data and the checking result. In step S106, the authentication processing apparatus 404 outputs the permission information to the information processing apparatus 401. The permission information may be a processing permission signal based on successful authentication or a processing prohibition signal based on unsuccessful authentication. When authentication is successful and permission information indicating that the processing is permitted is thus sent to the information processing apparatus 401, in step S108, the operation information is registered in the authentication information database (DB) 406, and the processing is terminated. When authentication is unsuccessful and permission information indicating that the processing is prohibited is sent, the operation information is not registered in the authentication information database (DB) 406, and the processing is terminated.
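The FIG. 5 flow (S101 to S108) can be sketched as follows; this is an added example, not code from the patent. The class and function names, the L1 checker, the threshold and all timing vectors are constructed assumptions, and the reading that mismatches are tolerated until a preset consecutive count is an interpretation of paragraph [0070]. It also contrasts registering only samples that matched with registering every permitted sample, which lets tolerated mismatches shift the stored data.

```python
from collections import deque


def l1_check(sample, registered, th=30.0):
    """Stand-in checker (assumption): L1 distance to the registered mean < th."""
    means = [sum(col) / len(col) for col in zip(*registered)]
    return sum(abs(x - m) for x, m in zip(sample, means)) < th


class ContinuousAuthenticator:
    def __init__(self, registered, check=l1_check, max_consecutive_mismatch=3,
                 enroll_only_on_match=True, log_size=32):
        self.registered = [list(v) for v in registered]  # plays the role of DB 406
        self.log = deque(maxlen=log_size)                # plays the role of memory 405
        self.check = check
        self.max_mismatch = max_consecutive_mismatch     # preset limit of [0070]
        self.enroll_only_on_match = enroll_only_on_match

    def _trailing_mismatches(self):
        run = 0
        for agreed in reversed(self.log):
            if agreed:
                break
            run += 1
        return run

    def process(self, sample):
        """Return True for a permission signal, False for a prohibition signal."""
        agreed = self.check(sample, self.registered)     # S102: check against DB
        self.log.append(agreed)                          # S103: store the result
        run = self._trailing_mismatches()                # S104: consult the log
        permitted = run < self.max_mismatch              # S105: permission info
        # S108: register the sample after successful authentication. The strict
        # mode (an added safeguard, not stated in the text) skips samples that
        # were only tolerated, so they cannot pull the registered mean away.
        if permitted and (agreed or not self.enroll_only_on_match):
            self.registered.append(list(sample))
        return permitted                                 # S106: output


# Constructed DD vectors (ms) for a three-interval key sequence.
REGISTERED = [[200, 150, 70], [198, 152, 69], [202, 148, 71]]
OWNER_1, OWNER_2 = [201, 151, 70], [200, 150, 70]
OTHER_USER = [150, 190, 40]
STREAM = [OWNER_1, OTHER_USER, OTHER_USER, OTHER_USER, OWNER_2]


def run_stream(enroll_only_on_match):
    auth = ContinuousAuthenticator(REGISTERED,
                                   enroll_only_on_match=enroll_only_on_match)
    decisions = [auth.process(s) for s in STREAM]
    return decisions, len(auth.registered)


if __name__ == "__main__":
    print("strict enrollment:    ", run_stream(True))
    print("enroll every permit:  ", run_stream(False))
```

In the second run the two tolerated mismatches are registered, the stored mean moves toward the other user's timings, and the owner's final input no longer matches.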

[0073] Using FIG. 6, the processing by the information processing apparatus 401 will now be described. The information processing apparatus 401 receives operation information based on user operation from the input unit 403. At the time the operation information is input, the processing based on the operation information does not start. The information processing apparatus 401 waits for receipt of permission information from the authentication processing apparatus 404.

[0074] When the information processing apparatus receives in step S202 permission information indicating that the authentication by the authentication processing apparatus 404 is successful or unsuccessful, in step S203, it is determined whether the received permission information indicates that the processing is permitted or prohibited. If the processing is permitted, in step S204, the processing in accordance with the operation information that has been already input from the input unit 403 is performed. In step S205, the processing result is output to the output unit 402. If it is determined in step S203 that the input permission information indicates that the processing is prohibited, the processing in accordance with the input operation information is not performed, and the processing is terminated.

[0075] A specific example of the authentication processing performed by the authentication processing apparatus 404 will now be described. A case will now be described in which the authentication processing apparatus 404 receives operation information input with a keyboard serving as the input unit 403 and performs the individual authentication processing based on operation information concerning the keyboard.

[0076] With regard to operation information concerning the keyboard, $D_n$ is the time at which the n-th key of an input sequence (n-th character of an input character string) is pressed, and $U_n$ is the time at which the pressed key is released. The authentication processing apparatus 404 performs the authentication processing based on the following pieces of operation information:

$DD_n = D_n - D_{n-1}$  (1)

[0077] This indicates time from pressing (n−1)th key of an input sequence ((n−1)th character of an input character string) to pressing n-th key.

$UD_n = U_n - D_n$  (2)

[0078] This indicates time from pressing n-th key of an input sequence (n-th character of an input character string) to releasing n-th key.

$DU_n = D_n - U_{n-1}$  (3)

[0079] This indicates time from releasing (n−1)th key of an input key sequence ((n−1)th character of an input character string) to pressing n-th key.

[0080] The authentication information database stores the above-described operation information (1) to (3), which are input in accordance with a user permitted to perform the processing on the information processing apparatus.

[0081] FIG. 7 shows specific examples of the information (1) to (3). In the examples shown in FIG. 7, the user inputs the character string [koji] with the keyboard. FIG. 7 indicates that time flows from left to right.

[0082] In FIG. 7, the top row indicates the time at which each character of the character string [koji] is pressed and released. The above-described (1) $DD_n = D_n - D_{n-1}$ corresponds to time shown in FIG. 7(1), that is, t(ko), t(oj), and t(ji); (2) $UD_n = U_n - D_n$ corresponds to time shown in FIG. 7(2), that is, s(k), s(o), s(j), and s(i); and (3) $DU_n = D_n - U_{n-1}$ corresponds to r(ko), r(oj), and r(ji) shown in (3) of FIG. 7.

[0083] For example, t(ko) of (1) indicates time from pressing (n−1)th character (k) of the keyboard to pressing n-th character (o) of the keyboard; s(o) of (2) indicates time from pressing to releasing n-th character (o) of the keyboard; and r(ko) of (3) indicates time from releasing (n−1)th character (k) of the keyboard to pressing n-th character (o) of the keyboard. The data (3) $DU_n = D_n - U_{n-1}$ may have a negative value, such as r(ji) of FIG. 7(3).

[0084] According to this embodiment, in the authentication information database (DB) 406, at least one set of the above-described (1) $DD_n = D_n - D_{n-1}$, (2) $UD_n = U_n - D_n$, and (3) $DU_n = D_n - U_{n-1}$ is stored to serve as keyboard operation information corresponding to the user authenticated in the past and thus permitted to perform the processing.

[0085] FIG. 8 shows data indicating that the above-described information (1) $DD_n = D_n - D_{n-1}$ is applicable to individual identification serving as individual authentication. FIG. 8 shows data obtained from the above-described (1) $DD_n = D_n - D_{n-1}$ of two test subjects 1 and 2 when they input the character string [nakamura] with the keyboard. In FIG. 8, (a) indicates data obtained from test subject 1, and (b) indicates data obtained from test subject 2. Each test subject inputs the character string [nakamura] five times with the keyboard, and data indicating time from pressing (n−1)th character of the keyboard to pressing n-th character of the keyboard is obtained.

[0086] It is recognized that, when each test subject has performed the same operation or the same key input multiple times, each test subject has performed operations at approximately the same key pressing intervals between characters. It is also clear that there is a distinct difference in the obtained data of $DD_n = D_n - D_{n-1}$ between test subject 1 and test subject 2. For example, the data (a) obtained from test subject 1 indicates that the time interval between pressing [k] and pressing [a] is greater than the time interval between pressing [a] and pressing [m]. In contrast, the data (b) obtained from test subject 2 indicates that the time interval between pressing [k] and pressing [a] is smaller than the time interval between pressing [a] and pressing [m]. As discussed above, a distinct difference between individuals in inputting the character string is recognized. It is thus possible to extract operation characteristics peculiar to each individual from the input processing performed by each individual using the keyboard.

[0087] The authentication processing apparatus 404 checks the operation information on the user for which authentication is performed, which is input with the input unit 403, against the registered data stored in the authentication information database 406. Registered data is stored in the authentication information database 406 every time the authentication processing is performed and authentication is successful. A plurality of pieces of operation information data is stored for each individual. The checking processing has various modes. Specific examples of the checking processing will now be described.

[0088] (A) Threshold Determination Processing Based on Norms of Data Vectors

[0089] Input data vectors DD, UD, and DU are formed on the basis of the above-described (1) $DD_n = D_n - D_{n-1}$, (2) $UD_n = U_n - D_n$, and (3) $DU_n = D_n - U_{n-1}$. The dimension of each vector is in accordance with a plurality of key inputs of a character string. In other words, if there are n key inputs, the vector is n-dimensional. Mean vectors of the registered data stored in the authentication information database 406 are [DD], [UD], and [DU]. The distance d between the input data and the registered mean data is defined by the following equation:

$d = |DD - \overline{DD}| + k\,|UD - \overline{UD}| + l\,|DU - \overline{DU}|$  [Formula 1]

[0090] where $\overline{XY}$ corresponds to the mean value [XY] in the description.

[0091] In the description, mean values are similarly written.

[0092] In the above equation, k and l are weight coefficients and are values preset by the authentication processing apparatus.

[0093] The distance value d defined by the above equation is compared with a predetermined threshold th. When the distance d is less than the threshold th, that is, when the following holds true:

$d < th$  [Formula 2]

[0094] it is determined that the authentication is successful. When the above expression does not hold true, that is, when $d \geq th$, it is determined that the authentication is unsuccessful.

[0095] Alternatively, the threshold is changed by, for example, loosely setting the threshold in accordance with the authentication status based on a past series of authentication results achieved in a series of operations, which have been described using FIG. 3. The past series of authentication results are stored in the authentication result memory. In contrast, when the past series of authentication results continuously indicate that the checked pieces of information continuously disagree with each other, another user may have been repetitively trying to establish fraudulent access. In this case, the threshold is strictly set.

[0096] (B) Threshold Determination by Normalized Distance Based on Standard Deviation of Data Vectors

[0097] Since the mean vectors [DD], [UD], and [DU] of the plurality of pieces of registered data stored in the authentication information database 406 are applied to the above processing, that is, the norm-based processing, the same rating is applied to a case in which a plurality of pieces of registered data are dispersed widely and to a case in which the pieces of registered data are less dispersed. In order to perform more accurate rating, a distance rating scale for less dispersed registered data is made different from that for widely dispersed registered data. An example is described in which normalization is applied to highly rate the distance obtained from the less dispersed registered data.

[0098] FIG. 9 shows data indicating dispersions and means of key sequence data DD of FIG. 8. FIG. 9 shows dispersions and mean values of a plurality of pieces of registered data (1) $DD_n = D_n - D_{n-1}$ obtained from test subject 1 and test subject 2, that is, data indicating time from pressing (n−1)th character of the keyboard to pressing n-th character of the keyboard. The diagram makes it clear that each test subject's registered data includes relatively concentrated registered data and relatively dispersed data.

[0099] For example, the time interval between the key input [u] and the key input [r] by test subject 2 shows a large dispersion. It is difficult to identify an individual on the basis of the distance computed by comparing such largely dispersed data with input data. In contrast, the time interval between the key input [a] and the key input [m] by test subject 2 generates concentrated data. The distance between such data and data obtained from operation information is expected to be small. If the distance is large, it is very likely that the data is input from a different user. In order to highly set the rating of the distance computed from such less dispersed data, standard deviation vectors of the registered data stored in the authentication information database 406 are used.

[0100] Input data vectors serving as operation information corresponding to the above-described (1) $DD_n = D_n - D_{n-1}$, (2) $UD_n = U_n - D_n$, and (3) $DU_n = D_n - U_{n-1}$ are DD, UD, DU; mean vectors of the registered data stored in the authentication information database 406 are [DD], [UD], and [DU]; and standard deviation vectors are σDD, σUD, and σDU. The distance d between the input data and the registered mean data is defined by the following equation:

$d = \left|\frac{DD - \overline{DD}}{\sigma DD}\right| + k\left|\frac{UD - \overline{UD}}{\sigma UD}\right| + l\left|\frac{DU - \overline{DU}}{\sigma DU}\right|$  [Formula 3]

[0101] where k and l are weight coefficients in the above equation and are values preset by the authentication processing apparatus. The distance d defined by the above equation is compared with a predetermined threshold th. When the distance d is less than the threshold th, that is, when the following holds true:

$d < th$  [Formula 4]

[0102] it is determined that the authentication is successful. When the above expression does not hold true, that is, when $d \geq th$, it is determined that the authentication is unsuccessful.

[0103] By applying the standard deviation vectors σDD, σUD, and σDU of the registered data stored in the database 406 to the above equation of [Formula 3] for computing the distance value, the distance value is computed wherein the distance between the less dispersed registered data and the input data vectors is rated highly, and the distance between the largely dispersed registered data and the input data vectors is rated low. FIG. 10 is a diagram for describing the concept of distance rating. Registered data (reference data) shown in the diagram has pieces of data at measurement points (a) to (f). A case is shown in which data at each measurement point shows a dispersion denoted by the vertical line. For example, the dispersion at the measurement point (a) is large, whereas the dispersion at the measurement point (e) is small.

[0104] If rating data is bold-line data shown in the diagram, the difference between the bold-line data and the registered data (reference data) denoted by the thin line is computed as the distance. For example, since data at the measurement point (a) has a large dispersion, the rated distance is n=0.3, that is, the distance is rated low. In a case of less dispersed data at the measurement point (e), the rated distance is n=5.0, that is, the distance is rated highly. A value corresponding to the sum of these distance values is compared with a threshold. Accordingly, the rating is performed with a heavier emphasis on the measurement point having less dispersed data that indicates an individual's characteristics in a clearer manner.
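The following added example (not code from the patent) computes the features (1) to (3) from press and release times and evaluates both checking modes, (A) of [Formula 1] and (B) of [Formula 3]. All timings, thresholds and names are constructed assumptions; the norm is taken as the sum of absolute component differences, the sample standard deviation is used, and a floor on σ is added so that a near-zero deviation cannot dominate the sum.

```python
from statistics import mean, stdev

SIGMA_FLOOR = 1.0  # ms; assumption, roughly the timer resolution


def features(events):
    """events: [(key, press_time_D, release_time_U), ...] in typing order."""
    D = [d for _, d, _ in events]
    U = [u for _, _, u in events]
    return {
        "DD": [D[n] - D[n - 1] for n in range(1, len(D))],  # (1) press to press
        "UD": [U[n] - D[n] for n in range(len(D))],         # (2) press to release
        "DU": [D[n] - U[n - 1] for n in range(1, len(D))],  # (3) release to press
    }


def build_profile(registered):
    """Per-component mean and standard deviation of the registered samples."""
    profile = {}
    for name in ("DD", "UD", "DU"):
        columns = list(zip(*(sample[name] for sample in registered)))
        profile[name] = ([mean(c) for c in columns], [stdev(c) for c in columns])
    return profile


def distance(sample, profile, k=1.0, l=1.0, normalized=False):
    """[Formula 1] when normalized is False, [Formula 3] when it is True."""
    total = 0.0
    for name, weight in (("DD", 1.0), ("UD", k), ("DU", l)):
        means, sigmas = profile[name]
        if len(sample[name]) != len(means):
            raise ValueError("input and registered key sequences differ in length")
        for x, m, s in zip(sample[name], means, sigmas):
            scale = max(s, SIGMA_FLOOR) if normalized else 1.0
            total += weight * abs(x - m) / scale
    return total


def authenticate(sample, profile, th, **kwargs):
    return distance(sample, profile, **kwargs) < th  # d < th


# Constructed timings in ms for the string "koji". The k->o interval varies a
# lot between inputs, the other intervals are stable, and the user presses
# "i" before releasing "j", which makes the last DU value negative.
REGISTERED_EVENTS = [
    [("k", 0, 80), ("o", 200, 290), ("j", 350, 440), ("i", 420, 500)],
    [("k", 0, 82), ("o", 260, 348), ("j", 412, 500), ("i", 480, 562)],
    [("k", 0, 78), ("o", 140, 232), ("j", 288, 380), ("i", 360, 438)],
    [("k", 0, 80), ("o", 230, 320), ("j", 381, 471), ("i", 450, 530)],
    [("k", 0, 80), ("o", 170, 260), ("j", 319, 409), ("i", 390, 470)],
]
# Same user, slow only on the widely dispersed k->o interval.
OWNER_EVENTS = [("k", 0, 80), ("o", 250, 340), ("j", 400, 490), ("i", 470, 550)]
# Different user, average on k->o but off on the stable intervals.
OTHER_EVENTS = [("k", 0, 80), ("o", 200, 290), ("j", 370, 460), ("i", 420, 500)]

PROFILE = build_profile([features(e) for e in REGISTERED_EVENTS])
TH_A, TH_B = 90.0, 10.0  # constructed thresholds


def compare_modes():
    rows = {}
    for label, events in (("owner", OWNER_EVENTS), ("other", OTHER_EVENTS)):
        f = features(events)
        rows[label] = {
            "d_A": distance(f, PROFILE),
            "ok_A": authenticate(f, PROFILE, TH_A),
            "d_B": distance(f, PROFILE, normalized=True),
            "ok_B": authenticate(f, PROFILE, TH_B, normalized=True),
        }
    return rows


if __name__ == "__main__":
    for label, row in compare_modes().items():
        print(label, row)
```

With these constructed inputs the norm-based mode (A) ranks the owner's attempt as farther from the registered mean than the other user's, while the normalized mode (B) reverses the ranking, which is the effect paragraphs [0097] to [0104] describe.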

[0105] The authentication processing by the authentication processing apparatus in the above-described embodiment involves obtaining, by the authentication processing apparatus, a character string that corresponds to a character string input from the input unit, from the registered data stored in the authentication information database (DB) and checking one character string against another. Accordingly, the authentication processing is based on arbitrary keystrokes performed by a person for which authentication is performed using the input unit. The authentication processing requires no special key input. The authentication processing is thus executable in accordance with key input performed by a user to make a processing request to the information processing apparatus.

[0106] In the above embodiment, an example of the authentication processing using operation information obtained by the key input processing using the keyboard has been described. The authentication processing apparatus is only required to perform authentication by checking operation information input from the input unit against various operation information registered in the authentication information database. Not only the key input operation information but also various other operation information is applicable to the authentication processing.

[0107] For example, the authentication processing apparatus obtains information concerning a mouse operation sequence as input operation information, stores a registered user's mouse operation sequence information as operation characteristic information in the authentication information database serving as storage means, and performs authentication by checking against the mouse operation sequence information. Alternatively, the authentication processing apparatus obtains information concerning a processing sequence of a program executable by the information processing apparatus as input operation information, stores a registered user's program processing sequence information as operation characteristic information in the authentication information database, and performs authentication by checking against the program processing sequence information. Alternatively, the authentication processing apparatus obtains information indicating the frequency of inputting a specific key as input operation information, stores a registered user's specific key inputting frequency information as operation characteristic information in the authentication information database, and performs authentication by checking against the specific key inputting frequency information.

[0108] More specifically, operation habits, e.g., the frequency of clicking the mouse, the speed of the mouse movement, the mouse track of selecting operation (for example, straight line, curved line, zigzag, etc.), the clicking time interval when double clicking or triple clicking the mouse, and the frequency of using a specific key of the keyboard (left/right shift keys, function keys, numerical keypad, etc.), are stored in the individual authentication database. Authentication is made possible by checking operation information against these pieces of registered information.

[0109] Furthermore, operation types, e.g., the frequency of inputting a specific word using the keyboard, the frequency of using each application, the frequency of using each specific function of an application, and the window arrangement information in the window system, are stored in the individual authentication database. Authentication is made possible by comparing operation information against these pieces of registered information.

[0110] Furthermore, information or data obtained from a series of procedures for performing a specific operation, e.g., a plurality of processes performed to activate an application, namely, double-clicking on an application icon, designating a file, double-clicking on a document data icon, and activating a start menu, are stored in the individual authentication database. Authentication is made possible by checking operation information against these pieces of registered information. Information obtained from a procedure for performing a specific operation may also include information obtained from a procedure for deleting a file, the procedure involving pressing a delete key, using a trash box, and right-clicking the mouse to delete the file, as registered information. Furthermore, information concerning the use of specific functions, e.g., selecting and designating a process from a menu bar, selecting and activating an icon, right-clicking the mouse to select an item from the menu, and using a shortcut key, are stored in the individual authentication database as information obtained from procedures in accordance with a specific user interface. Authentication is made possible by checking operation information against these pieces of registered information.

[0111] An embodiment will now be described in which at least one keyword is registered in a keyboard database, the keyword being a frequently performed key input sequence, whether or not there is an input corresponding to the registered keyword is determined, and the authentication processing is performed only when it is determined that there is an input corresponding to the registered keyword.

[0112] FIG. 11 is a block diagram of the configuration of a system to which an individual authentication processing apparatus of this embodiment is applied. With an input unit 503, a user 510 performs desired operations. The input unit 503 is a keyboard.

[0113] Operation information obtained from operating, by the user 510, the keyboard serving as the input unit 503 is input to an information processing apparatus 501 for performing the processing based on the operation information and to an authentication processing apparatus 504 for performing the individual authentication processing. The information processing apparatus 501 receives permission information from the authentication processing apparatus 504 when the authentication processing apparatus 504 performs the authentication processing and determines that the authentication is successful. On the basis of the receipt of the permission information, the information processing apparatus 501 performs the processing in accordance with the operation information input from the input unit 503 and outputs the result to an output unit 502. The output unit 502 is formed of display means, such as a CRT or LCD, or audio output means, such as a speaker.

[0114] The authentication processing apparatus 504 checks a keyboard input word, which serves as operation information input from the input unit 503, against a word registered in a keyword database 520. When the two words agree with each other, the authentication processing apparatus 504 performs the authentication processing based on the checking processing of checking against authentication information stored in an authentication information database (DB) 506. FIG. 12 shows a processing flow of the authentication processing apparatus 504.

[0115] In accordance with the processing flow of FIG. 12, the processing by the authentication processing apparatus 504 will now be described. In step S301, the authentication processing apparatus 504 receives operation information based on user operation from the input unit 503. In step S302, the authentication processing apparatus 504 compares the input operation information (input word) against a keyword stored in the keyword database and determines whether or not the word input from the user is already registered.

[0116] When it is determined in step S303 that the input operation information (input word) agrees with the keyword stored in the keyword database, in step S304, the authentication processing apparatus 504 performs the checking processing of the input operation information against information in the authentication information database (DB). The processing involves the checking processing concerning, for example, (1) $DD_n = D_n - D_{n-1}$, (2) $UD_n = U_n - D_n$, and (3) $DU_n = D_n - U_{n-1}$, which have been described in the previous embodiment. In step S305, the authentication processing apparatus 504 stores the checking result in an authentication result memory 505.

[0117] In step S306, the authentication processing apparatus 504 obtains the checking result log up to the present from the authentication result memory 505. In step S307, the authentication processing apparatus 504 generates permission information on the basis of the obtained authentication log information. In step S308, the authentication processing apparatus 504 outputs the permission information to the information processing apparatus 501. The permission information may be a processing permission signal based on successful authentication or a processing prohibition signal based on unsuccessful authentication. When authentication is successful and permission information indicating that the processing is permitted is thus sent to the information processing apparatus 501, in step S310, the operation information is registered in the authentication information database (DB) 506, and the processing is terminated. When authentication is unsuccessful and permission information indicating that the processing is prohibited is sent, the operation information is not registered in the authentication information database (DB) 506, and the processing is terminated.

[0118] When it is determined in step S303 that the input operation information (input word) disagrees with the keyword stored in the keyword database, in step S311, the authentication processing apparatus 504 obtains the checking result log up to the present from the authentication result memory 505. In step S312, the authentication processing apparatus 504 generates permission information on the basis of the obtained authentication log information. If the processing is to be permitted, the authentication processing apparatus 504 outputs the permission information to the information processing apparatus 501. The permission information is a processing permission signal based on successful authentication. In contrast, when the processing is to be prohibited, in step S315, the authentication processing apparatus 504 performs the processing to request the user to input a keyword. This is advantageous in a case in which, for example, when no keyword has been input in a predetermined number of past operations, such as n operations, the user is requested to input a keyword for performing keyword-based authentication, and multiple operations are permitted by the authentication based on the keyword input once.

[0119] [System Configuration]

[0120] A series of processes by the authentication processing apparatus of the present invention described in the above-described embodiments can be performed by hardware, software, or a combination of both. When performing the software-based processing, a computer program having recorded therein a processing sequence is installed in a memory in a data processing apparatus included in dedicated hardware, and the computer program is thus executed. Alternatively, the program is installed in a general computer capable of performing various processes, and the program is thus executed. When performing the series of processes by software, a program forming the software is installed in, for example, a general computer or a one-chip microcomputer. FIG. 13 shows an example of the hardware configuration embodying the system configuration of FIG. 4.

[0121] The system includes a CPU (Central Processing Unit) 602. The CPU (Central Processing Unit) 602 actually executes various application programs and an OS (Operating System). A ROM (Read-Only-Memory) 603 stores programs executed by the CPU 602 or fixed data serving as arithmetic parameters. A RAM (Random Access Memory) 604 is used as a storage area and/or a work area for programs executed by the CPU 602 and parameters changing in accordance with the processing of the programs. The CPU 602, the ROM 603, the RAM 604, and a hard disk 605 are connected to one another by a bus 601 and can transfer data to one another. Also, data transfer between these components and various input/output units connected to an input/output interface 611 is made possible.

[0122] A keyboard 612 and a mouse 613 are operated by a user to input various instructions to the CPU 602. The keyboard 612 and the mouse 613 are operated to input command input data via a keyboard/mouse controller 614.

[0123] A drive 609 is a drive for recording/reading a removable recording medium 610 such as a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disc, a DVD (Digital Versatile Disc), a magnetic disc, or a semiconductor memory. The drive 609 reads a program or data from each removable recording medium 610 and stores a program or data in each removable recording medium 610.

[0124] When an instruction is input using the keyboard 612 or the mouse 613 via the input/output interface 611, the CPU 602 executes a program stored in the ROM (Read Only Memory) 603 in accordance with the input.

[0125] The CPU 602 can load not only a program stored in the ROM but also a program stored in the hard disk 605, a program transferred from a satellite or network, received at a communication unit 608, and installed in the hard disk 605, or a program read from the removable recording medium 610 placed on the drive 609 and installed in the hard disk 605 into the RAM (Random Access Memory) 604 and execute the program.

[0126] In the system with the arrangement shown in FIG. 13, the CPU 602 performs the processing in accordance with the above-described embodiments or the processing in accordance with the above-described block diagrams and flowcharts. The CPU 602 sends the processing result from the communication unit 608. If necessary, for example, the CPU 602 outputs the processing result via, for example, the input/output interface 611 and the output unit 606 to a display device such as an LCD (Liquid Crystal Display) or a CRT. Also, the CPU 602 can store the processing result in a recording medium such as the hard disk 605 or the like.

[0127] A program for performing various processes is pre-recorded in the hard disk 605 or the ROM 603 serving as a recording medium included in the system. Alternatively, the program may be temporarily or permanently stored (recorded) in the removable recording medium 610 such as a floppy disc, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disc, a DVD (Digital Versatile Disc), a magnetic disc, or a semiconductor memory. Such a removable recording medium 610 can be provided as so-called packaged software.

[0128] The program can be installed from the above-described removable recording medium 610 into a computer. Alternatively, the program can be wirelessly transferred from a download site via an artificial satellite for digital satellite broadcasting to a computer or transferred by wire through a network such as a LAN (Local Area Network) or the Internet to a computer. The computer receives the program transferred in such a manner at the communication unit 608, and the program is thus installed in the built-in hard disk 605.

[0129] In the description, processing steps for writing the program that causes the computer to perform various processes are not required to be processed in time series in accordance with the order described in the flowcharts. Steps which are performed in parallel with one another or which are performed individually (for example, parallel processing or processing by an object) are also included.

[0130] The program can be processed by a single computer. Alternatively, the program can be processed by a plurality of computers in a decentralized environment. Furthermore, the program can be transferred to a remote computer to be executed.

[0131] While the present invention has been described in detail with reference to the specific embodiments, it is to be understood that modifications and substitutions can be made by those skilled in the art without departing from the scope of the present invention. In other words, the present invention has been described using the embodiments only for illustration purposes and should not be interpreted in a limited manner. The scope of the present invention is to be determined solely by the appended claims.

[0132] Various processes described in this description are not only performed in time series in accordance with the written order, but also parallel or discrete processing of the processes in accordance with the processing capacity of an apparatus that performs the processes is possible. The word system in this specification refers to the logical integrated configuration including a plurality of apparatuses and is not limited to apparatuses in the same casing.

[0133] Industrial Applicability

[0134] As is clear from the above description, according to the present invention, the authentication processing based on normal operation information obtained from normally operating an information processing apparatus is made possible. A user is thus not required to perform the special input processing for the authentication processing.

[0135] According to the present invention, the configuration implements authentication by applying a plurality of pieces of characteristic information serving as each individual's authentication information while a plurality of different pieces of operation information, such as a plurality of keyboard input modes, are taken into consideration. The user authentication processing is thus performed with high accuracy.

[0136] According to the present invention, less dispersed data of a plurality of pieces of operation information indicating an individual's extracted characteristics is weighted, and input operation information is checked against the weighted information. The user authentication processing is thus performed with high accuracy.

1. An individual authentication processing apparatus for performing individual authentication, wherein: the individual authentication processing apparatus obtains normal operation information from normally operating, by a user, input means of an information processing apparatus; extracts an individual's operation characteristic information from the normal operation information; checks the individual's extracted operation characteristic information against a registered user's operation characteristic information stored in storage means; generates, on the basis of a result of the checking processing, permission information for determining whether or not to permit the processing in accordance with user operation of the input means to be performed on the information processing apparatus; and outputs the generated permission information to the information processing apparatus.
2. The individual authentication processing apparatus according to claim 1, wherein, when generating the permission information, the individual authentication processing apparatus refers to past checking log data stored in a checking result memory that stores past checking results, generates the permission information based on the checking log data, and outputs the permission information to the information processing apparatus.
3. The individual authentication processing apparatus according to claim 1, wherein the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means, the operation characteristic information is information including: DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key, and the checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being between input vectors DD, UD, and DU formed of the DDn, UDn, and DUn and mean vectors [DD], [UD], and [DU] of the registered user's operation characteristic information stored in the storage means.
4. The individual authentication processing apparatus according to claim 3, wherein the distance value d is computed on the basis of the equation d=|DD−[DD]|+k|UD−[UD]|+l|UD−[DU]| where k and l are coefficients.
5. The individual authentication processing apparatus according to claim 1, wherein the storage means stores integrated pieces of operation characteristic information data concerning the same operation by the registered user; and the checking processing of the operation characteristic information extracted from the normal operation information is performed by weighting less dispersed data of the integrated pieces of characteristic information data concerning the same operation by the registered user, which are stored in the storage means, more heavily than widely dispersed data.
6. The individual authentication processing apparatus according to claim 1, wherein the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means, the operation characteristic information is information including: DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key, and the checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being computed on the basis of the equation d=|(DD−[DD])/σDD|+k|(UD−[UD])/σUD|+l|(DU−[DU])/σDU| where DD, UD, and DU are input vectors formed of the DDn, UDn, and DUn, [DD], [UD], and [DU] are mean vectors of the registered user's operation characteristic information stored in the storage means, σDD, σUD, and σDU are standard deviation vectors obtained on the basis of the registered user's operation characteristic information stored in the storage means, and k and l are coefficients.
7. The individual authentication processing apparatus according to claim 1, wherein the individual authentication processing apparatus includes a keyword registration database that stores a word based on which the authentication processing is performed as a keyword, and on condition that it is detected that the word registered in the keyword registration database is input from the input means, the checking processing is performed on the basis of normal operation information obtained from normally operating, by the user, the input means in accordance with the input word.
8. The individual authentication processing apparatus according to claim 1, wherein the normal operation information is information concerning an operation sequence of a mouse; the storage means stores the registered user's mouse operation sequence information as the operation characteristic information; and the checking processing is performed by checking against the mouse operation sequence information.
9. The individual authentication processing apparatus according to claim 1, wherein the normal operation information is information concerning a processing sequence of a program executable by the information processing apparatus; the storage means stores the registered user's program processing sequence information as the operation characteristic information; and the checking processing is performed by checking against the program processing sequence information.
10. The individual authentication processing apparatus according to claim 1, wherein the normal operation information is information on the frequency of inputting a specific key; the storage means stores the registered user's specific key inputting frequency information as the operation characteristic information; and the checking processing is performed by checking against the specific key inputting frequency information.
11. The individual authentication processing apparatus according to claim 1, wherein the individual authentication processing apparatus includes: an operation unit serving as the input means that outputs a code in accordance with the user operation; an extraction unit that extracts an individual's operation characteristic information from normal operation information obtained from normally operating the operation unit by a user; a checking unit that checks the individual's operation characteristic information extracted by the extraction unit against a registered user's operation characteristic information pre-registered in a storage medium; and an output unit that outputs permission information to the information processing apparatus in accordance with a checking result by the checking unit, the permission information permitting the processing in accordance with user operation of the input means to be performed on the information processing apparatus, wherein the extraction unit generates the individual's operation characteristic information at least based on output time and output transition time, the output time being from output start time to output end time of the code output from the operation unit, and the output transition time being generated from the output end time of the output code and output start time of a code output subsequent to the code.
12. The individual authentication processing apparatus according to claim 11, wherein the extraction unit generates the individual's operation characteristic information on the basis of code interval time, which is a difference between the output start time of the code output from the operation unit and the output start time of the code output subsequent to the code.
13. The individual authentication processing apparatus according to claim 11, wherein the checking unit performs the checking processing by computing and comparing the registered user's output time and output transition time registered in the storage medium with the output time and the output transition time generated by the extraction unit.
14. The individual authentication processing apparatus according to claim 11, wherein the extraction unit weights and adds a difference between the registered user's output time registered in the storage medium and the output time generated by the extraction unit and a difference between the registered user's output transition time registered in the storage means and the output transition time generated by the extraction unit and compares the sum with a threshold.
15. The individual authentication processing apparatus according to claim 1, wherein the individual authentication processing apparatus includes: an operation unit serving as the input means that outputs a code in accordance with the user operation; an extraction unit that extracts an individual's operation characteristic information based on output time from output start time to output end time of the code output from the operation unit; a storage medium that records the operation characteristic information every time the code is output from the operation unit; a rating unit that rates dispersion of the operation characteristic information recorded in the storage medium; a checking unit that compares the individual's operation characteristic information extracted by the extraction unit with a registered user's operation characteristic information pre-registered in the storage medium and performs the checking processing in accordance with the dispersion of the operation characteristic information rated by the rating unit; and an output unit that outputs permission information to the information processing apparatus in accordance with a checking result by the checking unit, the permission information permitting the processing in accordance with user operation of the input means to be performed on the information processing apparatus.
16. The individual authentication processing apparatus according to claim 15, wherein the rating unit rates the dispersion on the basis of standard deviation of a plurality of output times corresponding to the code.
17. The individual authentication processing apparatus according to claim 16, wherein the checking unit compares a rated value against a threshold, the rated value being obtained by dividing a difference between output time stored in the storage means and output time newly generated by the extraction unit by the standard deviation.
18. An individual authentication processing method of performing individual authentication, comprising: a step of obtaining normal operation information from normally operating, by a user, input means of an information processing apparatus; a step of extracting an individual's operation characteristic information from the normal operation information and checking the individual's extracted operation characteristic information against a registered user's operation characteristic information stored in storage means; and a step of generating, on the basis of a result of the checking processing, permission information for determining whether or not to permit the processing in accordance with user operation of the input means to be performed on the information processing apparatus and outputting the generated permission information to the information processing apparatus.
19. The individual authentication processing method according to claim 18, wherein, when generating the permission information, the individual authentication processing method refers to past checking log data stored in a checking result memory that stores past checking results and generates the permission information on the basis of the checking log data.
20. The individual authentication processing method according to claim 18, wherein the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means, the operation characteristic information is information including: DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key, and the checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being between input vectors DD, UD, and DU formed of the DDn, UDn, and DUn and mean vectors [DD], [UD], and [DU] of the registered user's operation characteristic information stored in the storage means.
21. The individual authentication processing method according to claim 20, wherein the distance value d is computed on the basis of the equation d=|DD−[DD]|+k|UD−[UD]|+l|UD−[DU]| where k and l are coefficients.
22. The individual authentication processing method according to claim 18, wherein the storage means stores integrated pieces of operation characteristic information data concerning the same operation by the registered user; and the checking processing of the operation characteristic information extracted from the normal operation information is performed by weighting less dispersed data of the integrated pieces of characteristic information data concerning the same operation by the registered user, which are stored in the storage means, more heavily than widely dispersed data.
23. The individual authentication processing method according to claim 18, wherein the operation characteristic information is information on characteristics of key input with a keyboard serving as the input means, the operation characteristic information is information including: DDn representing time from pressing a previously input key to pressing a subsequently input key; UDn representing time from pressing a key to releasing the key; and DUn representing time from releasing the previously input key to pressing the subsequently input key, and the checking processing against the registered user's operation characteristic information stored in the storage means is performed by comparing a distance value d with a predetermined threshold, the distance value d being computed on the basis of the equation d=|(DD−[DD])/σDD|+k|(UD−[UD])/σUD|+l|(DU−[DU])/σDU| where DD, UD, and DU are input vectors formed of the DDn, UDn, and DUn, [DD], [UD], and [DU] are mean vectors of the registered user's operation characteristic information stored in the storage means, σDD, σUD, and σDU are standard deviation vectors obtained on the basis of the registered user's operation characteristic information stored in the storage means, and k and l are coefficients.
24. The individual authentication processing method according to claim 18, wherein a keyword registration database is provided that stores a word based on which the authentication processing is performed as a keyword, and on condition that it is detected that the word registered in the keyword registration database is input from the input means, the checking processing is performed on the basis of normal operation information obtained from normally operating the input means by the user.
25. The individual authentication processing method according to claim 18, wherein the normal operation information is information concerning an operation sequence of a mouse; the storage means stores the registered user's mouse operation sequence information as the operation characteristic information; and the checking processing is performed by checking against the mouse operation sequence information.
26. The individual authentication processing method according to claim 18, wherein the normal operation information is information concerning a processing sequence of a program executable by the information processing method; the storage means stores the registered user's program processing sequence information as the operation characteristic information; and the checking processing is performed by checking against the program processing sequence information.
27. The individual authentication processing method according to claim 18, wherein the normal operation information is information on the frequency of inputting a specific key; the storage means stores the registered user's specific key inputting frequency information as the operation characteristic information; and the checking processing is performed by checking against the specific key inputting frequency information.
28. A computer program for performing individual authentication, comprising: a step of obtaining normal operation information from normally operating, by a user, input means of an information processing apparatus; a step of extracting an individual's operation characteristic information from the normal operation information and checking the individual's extracted operation characteristic information against a registered user's operation characteristic information stored in storage means; and a step of generating, on the basis of a result of the checking processing, permission information for determining whether or not to permit the processing in accordance with user operation of the input means to be performed on the information processing apparatus and outputting the generated permission information to the information processing apparatus.
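
The checking step of claims 6 and 23 (standard-deviation-normalized distance compared with a threshold, which also gives the dispersion weighting of claims 5 and 17), sketched in Python as an added example; it is not code from the patent. The function names, the reading of |·| as a sum of absolute component values, the 5 ms sigma floor, the threshold and all timing samples are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Assumption: floor on sigma so a component the user typed identically in
# every enrollment sample (sigma = 0) cannot cause a division by zero.
SIGMA_FLOOR_MS = 5.0

def extract_features(events):
    """events: [(key, press_ms, release_ms), ...] in typing order.
    Returns the vectors (DD, UD, DU) as the claims define them."""
    pairs = list(zip(events, events[1:]))
    dd = [nxt[1] - prev[1] for prev, nxt in pairs]  # press -> next press
    ud = [rel - prs for _, prs, rel in events]      # press -> release of same key
    du = [nxt[1] - prev[2] for prev, nxt in pairs]  # release -> next press
    return dd, ud, du

def enroll(samples):
    """Build the registered profile: per-component mean and sigma vectors."""
    keys = [k for k, _, _ in samples[0]]
    if any([k for k, _, _ in s] != keys for s in samples):
        raise ValueError("enrollment samples must all be the same keyword")
    feats = [extract_features(s) for s in samples]
    stats = []
    for idx in range(3):  # 0 = DD, 1 = UD, 2 = DU
        columns = list(zip(*(f[idx] for f in feats)))
        means = [mean(c) for c in columns]
        sigmas = [max(pstdev(c), SIGMA_FLOOR_MS) for c in columns]
        stats.append((means, sigmas))
    return {"keys": keys, "stats": stats}

def distance(events, profile, k=1.0, l=1.0):
    """d = |(DD-[DD])/sDD| + k|(UD-[UD])/sUD| + l|(DU-[DU])/sDU|."""
    if [key for key, _, _ in events] != profile["keys"]:
        # Checking only applies once the registered keyword was typed (claim 7).
        raise ValueError("typed keys do not match the enrolled keyword")
    terms = []
    for vec, (means, sigmas) in zip(extract_features(events), profile["stats"]):
        # Dividing by sigma weights low-dispersion components more heavily.
        terms.append(sum(abs((x - m) / s) for x, m, s in zip(vec, means, sigmas)))
    dd_term, ud_term, du_term = terms
    return dd_term + k * ud_term + l * du_term

def permit(events, profile, threshold, k=1.0, l=1.0):
    """Permission information: True when d is within the threshold."""
    return distance(events, profile, k, l) <= threshold

# Constructed samples: three enrollment typings of the keyword "auth".
ENROLLMENT = [
    [("a", 0, 90), ("u", 150, 230), ("t", 310, 400), ("h", 450, 540)],
    [("a", 0, 100), ("u", 160, 240), ("t", 300, 390), ("h", 460, 540)],
    [("a", 0, 95), ("u", 155, 235), ("t", 320, 410), ("h", 455, 550)],
]
# Constructed attempts: same keyword, similar rhythm vs. a different rhythm.
GENUINE = [("a", 0, 94), ("u", 156, 238), ("t", 312, 401), ("h", 458, 546)]
IMPOSTER = [("a", 0, 130), ("u", 220, 330), ("t", 400, 520), ("h", 640, 760)]
THRESHOLD = 10.0  # assumption: would be tuned on real enrollment data

if __name__ == "__main__":
    profile = enroll(ENROLLMENT)
    for name, attempt in (("genuine", GENUINE), ("imposter", IMPOSTER)):
        d = distance(attempt, profile)
        print(f"{name}: d={d:.2f} permit={permit(attempt, profile, THRESHOLD)}")
```

In the constructed enrollment data the hold times of "u" and "t" are identical across samples, so their standard deviation is zero and the floor is what keeps the division defined.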